Trustwave's 2024 Financial Services Threat Reports Highlight Alarming Trends in Insider Threats & Phishing-as-a-Service. Learn More

Trustwave's 2024 Financial Services Threat Reports Highlight Alarming Trends in Insider Threats & Phishing-as-a-Service. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
Loading...
Loading...

INFO: Known issues for MailMarshal/SEG 10.X

Expand / Collapse


This article applies to:

  • Trustwave MailMarshal (SEG) 10.X

Question:

  • What are the known issues and limitations for MailMarshal (SEG) 10.X?

Information:

This article highlights differences between MailMarshal 8.X and 10.X, as well as any known issues and major fixed issues. 

Updates released in MailMarshal 10.2.5:

The following issues or limitations present in MailMarshal (SEG) 10.1.0 and below have been resolved in version 10.2.5.

  • The Console now validates moved rules to prevent moving a target rule above a rule that refers to it (circular policy).
  • Moving or copying rules between Policy Groups is supported.
  • Policy printing is supported.
  • Connector user groups selected for some uses did not display in the user interface. This display issue is fixed. Note that Trustwave recommends using local groups in these settings (Digests, SpamProfiler exclusions, and DHA settings) with the connector groups as members.

    Known issues in 10.2.X:

    • For customers intending to enable DANE:
      • On upgrade if the Policy Management Outbound policy group does not exist, a rule to ignore DANE validation for specified domains will be created in a new upgrade policy group __Upgrade__DANE Rule.
      • If this policy group is created, you must edit Filtering conditions of this policy group and ensure it is set to apply to outgoing messages only.

      Updates released in MailMarshal 10.2.0:

      The following issues or limitations present in MailMarshal (SEG) 10.1.0 and below have been resolved in version 10.2.0.

      • In rare cases, deletion of deeply nested unpacked files could fail.
      • In version 10.1, in rare cases, child user groups were not correctly loaded on processing nodes.
      • A new version of the third party SSL library is included. This version addresses performance issues identified in 10.0.7 and 10.1.0
      • Performance of Image Analyzer has been adjusted. Some scanning issues have been addressed.

        Known performance issue in 10.0.7 and 10.1.0

        • The third party SSL library used in these versions of MailMarshal has been found to use more system resource than earlier releases when under load. It may also initialize more slowly for each connection. In some cases, email throughput can be affected.
        • A new version of the library is provided in version 10.2.0 and above.

        Known issues in 10.1.0:

        • Trustwave identified an issue with database insertion in the original release 10.1.0.5089. This issue could affect the display of data in Mail History and the ability to manage processed messages. The issue is resolved in 10.1.0.5102.
          • Release 10.1.0.5089 has been withdrawn. Customers must upgrade to the current release 10.1.0.5102.
        • For customers intending to enable DANE:
          • On upgrade if the Policy Management Outbound policy group does not exist, a rule to ignore DANE validation for specified domains will be created in a new upgrade policy group __Upgrade__DANE Rule.
          • If this policy group is created, you must edit Filtering conditions of this policy group and ensure it is set to apply to outgoing messages only.

        Updates released in MailMarshal (SEG) 10.1.0:

        The following issues or limitations present in MailMarshal (SEG) 10.0.7 and below have been resolved in version 10.1.0.

        • "Unsafe legacy renegotiation" can be enabled with a configuration setting. See Trustwave Knowledgebase article Q21216.
        • DKIM record status is correctly displayed in the Management Console Local Domains detail.
        • The installer does not exit without warning after checking for Visual Studio updates.
        • See Release Notes for additional updates.

          Known issues in 10.0.7:

          • Unsafe legacy renegotiation disabled: The TLS/SSL library included in release 10.0.7 (and above) does not negotiate outbound (sender) TLS connections where the remote server only supports legacy renegotiation of TLS. The risk in legacy renegotiation is described in CVE-2009-3555. Servers that still use this legacy method are very rare. A hotfix is available for customers who have a business need to allow this risk.
          • The original 10.0.7 release (3969) caused unexpected changes in TLS behavior. This release has been withdrawn from download pages. The currently available release 10.0.7.3979 corrects this issue. Any customers who installed the earlier release should upgrade immediately.
          • On some systems the installer will exit with no warning after checking for Visual Studio updates. To continue, simply run the installer again.
          • Restoring a backup created in an earlier version will cause processing services to stop, because the SSL libraries will be overwritten with the earlier and incompatible versions. For more information and resolution steps, see Trustwave Knowledgebase article Q21209.

          Important Known Issues in 10.0.4:

          • Folder changes cause quarantine problem: If you edit properties of a Folder, the physical path location information is lost. Message files are stored in an incorrect location. Message details and release for earlier quarantined messages do not work.
          • Folder editing is corrected in later releases. However, any changes made in 10.0.4 are not automatically fixed.
          • For customers who encounter this issue, a tool is available to detect incorrectly configured folders and move the incorrectly stored files. Contact Trustwave support.

          Updates released in MailMarshal (SEG) 10.0.7:

          The following issues or limitations present in MailMarshal (SEG) 10.0.6 and below have been resolved in version 10.0.7.

          • Node servers can now be deleted from the installation in the Console.
          • Import of configurations could fail due to an issue with parsing of XML. This issue is corrected.
          • See Release Notes for additional updates.

            Updates released in MailMarshal (SEG) 10.0.6:

            The following issues or limitations present in MailMarshal (SEG) 10.0.5 and below have been resolved in version 10.0.6.

            • Upgraded installations that have custom Relay or Routing tables did not show the correct values in the website editor initially and other settings for a server could not be changed, with error "The Name field is required". This issue is corrected for new upgrades from version 8.X. To resolve the issue manually, select and save the desired settings for these tables.
            • Connector group members are not preserved in the upgrade from 8.2 to 10.0, or on restore of a configuration backup. Upgrade and restore now initiate an immediate refresh of these groups.
            • Console folder date issues related to Daylight Saving Time changes have been resolved.

            Updates released in earlier 10.X releases:

            This section highlights significant fixes that are included in releases 10.0.1 through 10.0.5. See release notes for full information.
            • In release 10.0.4, editing of folder properties caused messages to be stored in an incorrect location.
            • In release 10.0.4, for Windows authentication users, the "light" theme was not applied when selected. 
            • In release 10.0.4, the rule condition "sender authenticated successfully" was no evaluated as expected.

            Installation/Upgrade:

            • Prerequisite check on nodes now correct handles the case where IIS was previously installed then uninstalled.
            • The Configuration Service now accepts passwords that contain the characters: ; = ' 
            • Upgrade correctly determines the database location if the location was changed.
            • Validation of group names is improved.
            • Detection of WebDAV by the installer is corrected.
            • Issues with folder and history display when installing the Array Manager on non-English Windows distributions are corrected.
            • The installer detects port conflict issues (most likely where Exchange or another mail server is installed on the same server). For more discussion of steps required when installing on Exchange Server, see Trustwave Knowledgebase article Q21146
            • The installer prompts for an Operational User for the Configuration Service database if required.
            • Upgrade handles additional cases where rules (including disabled rules) contain references to templates, folders, or other rules that no longer exist or where the reference was malformed.
            Policy elements and settings:
            • The retention setting shown on the Management Console Reporting page is correctly applied.
            • On upgraded installations, all Connector groups synchronize as scheduled.
            • Issues with incorrect selection of items in list views are corrected.
            • Message Templates and Message Stamps will now use the HTML formatting created using the WYSIWYG editor. You can also continue to use the stylesheet method described in Help.
            • Timezone offsets are correctly applied to all items in the Dashboard.
            • Unicode characters in subjects are handled correctly.
            • Folder permissions using Windows accounts are correctly retained.
            • In 10.0.2, changing Reporting Groups in the Management Console prevented further configuration changes. This issue is fixed.
            • Re-commit of the current configuration can be requested from the system configuration > General page.
            • Reporting Groups configuration is present.
              • Caution: An issue has been identified in the Reporting Group interface 10.0.2. Upgrade to 10.0.3.
            • The Variables list on the HTML message stamp editor is corrected.
            • Rules can be enabled or disabled from the list view.
            • Entry of service names/keys in Advanced Settings is no longer case sensitive.
            • When restore takes a long time, the Management Console correctly shows the status.
            • Automatic backups are performed only if selected.
            • Maintenance expiry is correctly shown on the License page.
            • Configuration can be committed as prompted after entering a license key.

            Mail View

            • Raw HTML source of email can be viewed.
            • Large lists load with acceptable speed.
            • Selecting an item no longer causes display issues on smaller resolution displays.
            • Deleting or forwarding from a filtered list selects the correct item.
            • Sorting is case-insensitive (as in 8.X).
            • Issues with folder display in certain timezones are corrected.
            • Filtering on the Message History pages is corrected. Note that filtering applies only to the displayed page, by design. To search over all available items, use Search instead.

            Functionality first added in MailMarshal (SEG) 10.0.1:

            The following features (present in SEG 8.X but not in 10.0.0) are included in current releases:

            • Folder physical path setting for individual folders
            • Folder security for individual folders
            • Authorization for configuration and email management by Windows accounts
            • Granular folder access authorization
            • Configuration commit scheduling

            Known Issues in MailMarshal (SEG) 10.X

            Installation/Upgrade

            • Configuration import error 
              • Configuration import will fail if services are not listening on the default IP and port. To import manually (using MMExportCFG), use the -a and -c parameters to set the correct server and port information.
            • Database Collation:
              • The MailMarshal databases MUST use a Case Insensitive collation. Installation of SQL sets collation based on the server locale. Most locales use Case Insensitive collation. If in doubt set the database collations to the default SQL_Latin1_General_CP1_CI_AS. Note that the collation MUST NOT be Turkish_CI_AS due to special treatment of the letter "i" in Turkish.
            • Azure Databases:
              • The Installer and Server Tool cannot currently create Azure SQL managed instance databases. SEG can use Azure databases if they are created in advance.
            • Upgrade - TLS 1.3 and Elliptic Curves:
              • Trustwave previously suggested use of the secp521r1 Elliptic Curve for key exchange. Customers should be aware that if this is the only curve enabled, email delivery from Gmail may not succeed. This change is due to TLS1.3 behaviors and Google's decision not to use the secp521r1 curve. 
              • The X25519 curve is widely used and this is the default in both SEG 8.2 and MailMarshal (SEG) 10.0.
              • To check settings see the Inbound Security - TLS page for each mail server.
            • Array Join credentials:
              • Adding an "Array Join" credential in the SEG Server Tool (used to join a processing server to an array) requires a restart of the Array Manager. The tool does not prompt you for this restart.

            Policy Elements and Settings

            • Configuration restore:
              • A restored configuration is committed with no confirmation or possibility of review in some cases.
              • Restoring a configuration from a previous version that has rules referencing SpamZeroDay.xml and KnownThreats.xml causes the Engine to stop. (The upgrade process blocks upgrade of these configurations, but restore does not.)
              • Restoring a configuration fails if any local MailMarshal user group name contains a fullstop character  ( . ) . The error reported in logs may not identify the specific group. Older MailMarshal versions did not validate names.
            • Configuration backup:
              • The retention setting applies to manual as well as automatic backups, since the files are created in the same location. To save manual backups, copy them to another location.
              • Backups and restores do not include DKIM keys unless a password is explicitly entered either as default or as override. No warning about missing passwords or unsaved keys is provided.
              • A custom backup location set in SEG 8.X will apply in MailMarshal (SEG) 10.X. This setting currently cannot be edited in 10.X.
            • Licensing:
              • Blended Threat licensing status is not shown on the License page.
              • Maintenance expiry shows today's date if the key cannot be validated through the Trustwave website (it should display "unknown").
              • Reminders about license status (seen in earlier versions) are not provided when you enter a new key.
              • Entering a key that has a Marshal RBL credential forces configuration commit with no notice.
              • Upgrading with an expired key results in no key being displayed on the License page. This behavior will not be changed.
            • Mail Server settings:
              • If custom settings have been configured, reverting to the default settings and saving does not update the display in the console. The settings have actually been updated correctly.
            • Policy Elements:
              • Dead Letter folders are not configurable in the Folders list.
            • Rules
              • Enabling default virus scanner rules does not validate that a scanner is present and working.
            • Users
              • Setting a user to "blocked" or "deleted" is only effective after a restart of the Management Console website.

            Mail View

            • Message History:
              • The default view of message history only shows items from "today". To see all items, use Search. The default should be to return all items up to the configured row count.

            API

            • Some REST API calls listed in the automatically generated "handler listing" are not available. This includes TextCensor addition, edit, and deletion

            Limitations in MailMarshal (SEG) 10.X

            The following functionality that was present in previous versions is not currently available in 10.X.

            • Finding items in User Groups and IP Groups
            • Restore from Mail Recycle Bin (this does not affect retention of messages)
            • RSS news feeds
              • Alternative: subscribe to the Notifications forum on the Trustwave support site

            Retired Features

            The DMARC Dashboard has been retired. Customers must use third party services for this functionality.

            The "Do not log to SQL" option when deleting a message is not available in this version of MailMarshal.


            To contact Trustwave about this article or to request support:


            Rate this Article:
                 

            Related Articles



            Add Your Comments


            Comment submission is disabled for anonymous users.
            Please send feedback to Trustwave Technical Support or the Webmaster
            .